Cryptographically secure encryption and authentication schemes are vital to enabling secure communication between different parties over untrusted communication channels, such as the Internet and other wired and wireless data networks. As used herein, the term “untrusted communication channel” refers to any communication medium, including but not limited to wired and wireless data networks, where two or more computing devices exchange information that a potential attacker can monitor and potentially manipulate to compromise communication between the computing devices. For example, when computing device A owned by Alice and computing device B owned by Bob communicate via an untrusted network such as the Internet, or another communication channel like a direct wireless channel or a tapped wired connection, an attacker Eve can use another computing device E to monitor the contents of the communication between A and B. In some instances, E can actively insert fabricated data into the untrusted communication channel to masquerade as A or B. As is known in the art, if A and B implement appropriate encryption and authentication processes, then their communications over the untrusted channel can be protected against E. When the communications are properly encrypted, E can read the encrypted data but is unable to recover the unencrypted contents in any practical manner. When the communications are properly authenticated, A can detect whether a communication that purports to be from B is a fabrication or has been corrupted by E, and vice versa. Thus, proper cryptographic encryption and authentication enable A and B to communicate in a secure manner over what is otherwise an untrusted communication channel.
In most practical encrypted communications between two computing devices A and B, the two computing devices need to have a shared cryptographic key K that is known to both A and B but is unknown to any third party, including the attacker E. Public key infrastructure (PKI) cryptographic systems are an example of systems that do not rely on shared secret keys, since A and B each keep a non-shared private key and publish a corresponding public key that is not kept secret. However, in most practical communication schemes that employ PKI, the public and private keys are used to form a secure channel for a shared-secret key-exchange protocol, such as Diffie-Hellman or another suitable key exchange protocol, in which the parties A and B use PKI to establish a secret key with each other over an untrusted communication channel. The secret key is then used in conjunction with an appropriate symmetric encryption scheme, such as AES, to perform the bulk of the secured communication between A and B. Practical communication systems use shared-secret keys even when PKI is in place for efficiency reasons, since symmetric encryption schemes such as AES typically offer substantially higher performance than PKI encryption.
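The flow that this paragraph and the preceding one describe, key agreement over a channel that E can observe followed by symmetric encryption with authentication that exposes E's forgeries, as an added Python example that is not part of the original text. The Diffie-Hellman group, the SHA-256 counter-mode keystream standing in for AES, and the message contents are constructed placeholders.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group: a 61-bit Mersenne prime with generator 2 (constructed for
# illustration only; real systems use standardized 2048-bit groups or elliptic curves).
P = (1 << 61) - 1
G = 2

def dh_keypair():
    """Private exponent and the public value that is sent over the untrusted channel."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared_key(priv, peer_pub):
    """Both parties compute g^(ab) mod p and hash it into a 256-bit symmetric key K."""
    shared = pow(peer_pub, priv, P).to_bytes(8, "big")
    return hashlib.sha256(b"dh-derive|" + shared).digest()

def _keystream(enc_key, nonce, length):
    """SHA-256 in counter mode as a stand-in for AES-CTR (same XOR structure)."""
    blocks = (hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    enc_key, mac_key = (hashlib.sha256(t + key).digest() for t in (b"enc|", b"mac|"))
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, msg):
    """Returns the plaintext, or None when the tag fails (forged or corrupted message)."""
    enc_key, mac_key = (hashlib.sha256(t + key).digest() for t in (b"enc|", b"mac|"))
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo():
    """A and B agree on K over the wire, then exchange one authenticated message."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_a, k_b = dh_shared_key(a_priv, b_pub), dh_shared_key(b_priv, a_pub)  # E sees only a_pub, b_pub
    wire = seal(k_a, b"meet at noon")
    tampered = wire[:20] + bytes([wire[20] ^ 0x01]) + wire[21:]  # E flips one ciphertext bit
    return k_a == k_b, unseal(k_b, wire), unseal(k_b, tampered)
```

`demo()` returns `(True, b"meet at noon", None)`: the keys match, the untouched message decrypts, and the bit-flipped message is rejected by the tag check rather than decrypted to garbage.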
While PKI is one known method for sharing secret keys between parties over an untrusted channel, the existing PKI systems that are known to the art are also complex and can present difficulties in establishing communication between the computing devices of two parties A and B, especially when the communication is on an ad-hoc basis. Other methods that are known to the art for sharing secret keys between two devices A and B use what is referred to as an out-of-band (OOB) communication channel. The OOB communication channel is typically a separate communication channel from the usual communication channel that A and B use for communication. For example, if A and B typically communicate by email via the Internet or another data network, the OOB channel could be through a telephony network that the parties who operate devices A and B use to share a passphrase or other secret that is used to encrypt and authenticate email messages. A wide range of OOB communication schemes that include both physical communication (e.g. a courier carrying shared secrets on paper or a non-volatile memory device) and electronic communication through line-of-sight laser or infrared, short range radio, or short-range audio communications are known to the art. The OOB is often another untrusted channel that is potentially susceptible to attackers, but using the OOB to distribute the shared secret data typically increases the difficulty level for attackers and eliminates many practical forms of attack.
While using an OOB can help in distributing shared secret keys when other schemes such as PKI are unavailable, using an OOB can also present challenges. Many manual OOBs, such as phone conversations, make the exchange of lengthy cryptographically secure secrets difficult. Other, automated OOBs, such as short-range infrared, radio, or audio communication, require the two parties to be in close proximity to one another to be effective. Consequently, improved systems and methods for generating shared secret keys in a secure manner would be beneficial.